Proposal: HTML tag to disable active content
From the perspective of a web application programmer and security consultant, I think it would be very useful to have HTML tags to mark HTML sections where active content should be disabled, possibly selected active content. Right now the HTML environment with respect to potentially dangerous content is: In order to stop, you must make sure that none of the 1001 GO buttons were pressed before. There is no STOP button. No Big Red Emergency Stop button. This seems to be a disaster prone situation. Like driving a car without brakes. Only experts can do it, and typically even they screw up too. I think we need some form of brakes. Something like the following: activeoff lock=matchingrandomstring allowed=java / Any active content disabled here. Even if slips past site's filters. activeon lock=matchingrandomstring / The disabled active content reenabled. Does not mean everything enabled, just those disabled earlier. (The / is to make it XHTML compatible ala the BR tag). This would be especially good for sites displaying 3rd party/possibly hostile content- for example: webmail sites (Hotmail, Yahoo), discussion sites (slashdot, kuro5hin, etc), sites displaying syndicated content from other sources, or even search engines. Reasoning: 1) Though sites should still filter any content they display, there have been cases where due to browser parser differences, attackers can still slip in dangerous active content. Sites are unable to deal with the myriad browser bugs. 2) There are too many ways to slip in dangerous content. And the number of ways seems to be increasing not decreasing. 3) There aren't enough tags to disable dangerous content, only way to ensure is to make sure that no dangerous content appears anywhere. 4) With a tag like this, sites can enable active content under their control, whilst reducing the chance that malicious active content will affect their users. Users can thus be more confident about enabling active content. Finally: I have exploited sites just by using IFRAMEs or images alone. So rather than just disabling active content it may actually be good to have a tag that selectively disables stuff, or a safe HTML only option, the typical safe HTML sites allow - no images, no IFRAMEs. So maybe instead of activeoff it should be something like: htmlmode option=safe allowed=a,table lock=randomstring But implementation complexity could increase. Simplicity is the target - simple = less bugs, easy adoption. If there were tags to disable stuff like this became common usage, it could be very much harder to do mischief. This is not a total solution. There are no 100% solutions in security. This is a safety aid - seat belt, air bag, brakes etc. Just because brakes aren't a 100% solution to driving safely doesn't mean you don't need brakes. I have tried the www-html list, and other places, nothing happened, many people didn't even understand the problem or concept, but still objected anyway. Link.
Three Requests
Hello each group, I am currently in the US Army and not sure which list to request these features in future releases of Mozilla. First, Is there a way to change Mozilla so that if you don't use Mozilla Mail you can select another Email package on Win32 platform such as Outlook. We use S/MIME email and I am not aware if Mozilla Mail supports this. Second, I see Mozilla is able to import PKCS-12 type certificates for web authentication. We use PKCS-7 type certificates and everytime I try importing a certificate from my smart card CAC into mozilla for web authentication, it fails. Is there a way to create a trusted application so mozilla can read certificates from an Schlumberger or Reflex20 Card Reader? This is mainly for the security people. Third, Does mozilla support ActiveX scripting on Win32 and Linux platforms? I am not these email lists so please reply back to myself. I apoligize if I have email these questions to the wrong lists and please forward to the correct one. Thanks for your help in advance Dan Hutchinson 7701 Telegraph Road Alexandria VA 22315 703-428-8854
FTP User
At last, I have another request, is there away to change an automated ftp send command from sending anonymous and a users email address to a designated ftp account and password. Dan Hutchinson 7701 Telegraph Road Alexandria VA 22315 703-428-8854
Three Requests
Hello each group, I am currently in the US Army and not sure which list to request these features in future releases of Mozilla. First, Is there a way to change Mozilla so that if you don't use Mozilla Mail you can select another Email package on Win32 platform such as Outlook. We use S/MIME email and I am not aware if Mozilla Mail supports this. Second, I see Mozilla is able to import PKCS-12 type certificates for web authentication. We use PKCS-7 type certificates and everytime I try importing a certificate from my smart card CAC into mozilla for web authentication, it fails. Is there a way to create a trusted application so mozilla can read certificates from an Schlumberger or Reflex20 Card Reader? This is mainly for the security people. Third, Is there a way to change the ftp user from anonymous to a designated ftp user and password? I am not these email lists so please reply back to myself. I apoligize if I have email these questions to the wrong lists and please forward to the correct one. Thanks for your help in advance Dan Hutchinson 7701 Telegraph Road Alexandria VA 22315 703-428-8854 Dan Hutchinson 7701 Telegraph Road Alexandria VA 22315 703-428-8854
Re: Proposal: HTML tag to disable active content
Lincoln Yeoh wrote: I have tried the www-html list, And have read your proposal there (about a year ago?). (But I don't remember the discussion exactly anymore.) and other places, nothing happened Maybe because there were valid concerns, maybe it's even just a bad idea? To be taken seriously, you'd have to link to these other discussions and preferably include and consider the counter-arguments.
Re: Proposal: HTML tag to disable active content
Lincoln Yeoh wrote: But can you actually help? No, I have no time. e.g. Telling me I've got it wrong and so I can forget the whole thing or fix it (slightly broken), or I've got it right and you can actually help take the idea further, or you know someone who can? The idea doesn't look wrong per se to me. However: IIRC, the argument on the www-html list was to make server-side libs. That sounds like solution which is - more correct - more secure (less likely to fail, if there are bugs) - more likely to get implemented (try convincing MS OTOH, you can implement e.g. a python lib and just use that, and your server is secure as well as all other servers caring and using your lib) - more adaptable (different servers might have different security needs, i.e. different tradeoffs between features and security) Taken seriously? Go ahead laugh I didn't laugh. But to get something in the HTML standard, you need a make a decent case. Ben Bucksch Beonex
....
Title: §A¬Ý¨ì³o«Ê°Q¹½ªº email ®É
²´¬Ý¨ä¥L¤H§V¤OÁÈ¿ú³£·Q´£¤É¦Û¤vªº¥Í¬¡«~½èÃø¹D§A³£¤£·Q¶Ü..
·Q·Qª¨ª¨¡A¶ý¶ý¡A¬O¤£¬O¦~¬ö¶V¨Ó¶V¤j¤F©O??
·Q·Q§Aªº©d¤l¡A§Aªº¥ý¥Í¬O¤£¬O¤u§@«Ü¨¯W
¬O¤£¬OÀ³¸Ó¨É²MºÖªº®ÉÔ©O
§Ú̦~»´ªº´NÀ³¸Ó¦n¦n§V¤O§V¤O¤~¬O
§A¬Ý¨ì³o«Ê°Q¹½ªº email ®É.§A¤]¥u·|¦¬µoªB¤ÍÂà¨ÓÂà¥hªº«H¥ó½}¤F
¬°¦ó¤£·Q·Q¦³«Ü¦h¤H«o·|¥Î¹q¸£¦¬µoªB¤ÍÂà¨ÓÂà¥hªº«H¥ó
´À¦Û¤v¨C¤ëÁȨì 20 ¸U¥H¤W
§O¤£¦n·N«ä
¦pªG§A±N³o«Ê¦³¥i¯à§ïÅܧA¤@¥Íªº e-mail
§R°£ªº¸Ü
§AÁÙ¬O¨Ä¨Äªº¥hÁȨº 3 ¸U¦h¦ºÁ~¤ô§a
§Úª¾¹D¥Í¬¡¶V¨Ó¶V¨¯W
ÁÈ¿ú¶V¨Ó¶V§xÃø...Á`¬OÁȨº 3 ¸U ¦h¤@ÂIÂI
¦pªG§A¦Û¤v¯uªº·QÁÈ¿ú
·QÅý¦Û¤v»P®a¤H¹L¨Ç¤£¿ùªº¥Í¬¡
§A´N¥²¶·ªá¨Ç®É¶¡¥h¤F¸Ñ§O¤H«ç»òÁÈ¿úªº
..§Ú§i¶D§A...
§Ú¤]¬O¦]¬°³o«Ê e-mail ¦Ó¥O§Úªº¦¬¤J¼W¥[¤F3¿¦h.
°²Y§A·Q¦A¶i¤@¨B¤F¸Ñªº¸Ü½Ð¨Ó«H§iª¾
(§K¶O¯Á¨ú¥úºÐ»¡©ú)
¦b³o¤£´º®ðªº®É¥N¡A¥[·ù¥þ¥Á³sÂê¶W°Ó¬O±z³Ì¨Îªº¿ï¾Ü¡A
§Ṳ́£¨ü´º®ð¼vÅT
¡A¨ä·~ÁZÁÙ¦b«ùÄò¦¨ªø¤¤¡A½Ð
±z¾¨§ÖÁܽбzªºªB¤Í¨Ó°Ñ»P§Ú̧K¶Oªº³Ð·~»¡©ú½Òµ{¡A¥H¤Î§K¶Oªººô¸ô¦æ¾P½Òµ{¡C
¦pªG§A±µ¨ü³o¼Ëªº«Øij¡A§A¤µ¦~ªº¦¬¤J¥i¯à·|´£¤É¦n¦h¿
¦pªG§A©ñ±ó¡A§A¤µ¦~ªº¦¬¤JÀ³¸ÓÁÙ¬O¤ñ·Ó¥h¦~½}¤F
§O¦AµS¿Ý¤£¨M¤F
¦pªG±z¸ò§Ú¤@¼Ë¹ï³oӨƷ~¦³¿³½ì½Ð±z¯d¤U§Aªº©m¦W¡B¹q¸Ü¤Î¦í§}±H¨ì¡G
[EMAIL PROTECTED]
§Ú±N·|Åý±z§ó¤F¸Ñ³oÓ°g¤Hªº¨Æ·~
